How difficult to find collisions in this poly1305 implementation?

[silviuk]

Hi, we played with poly1305-donna and we like that it's quite fast. We'd like and would like to ask how difficult it is, with this specific implementation, to cause a collision (e.g. generate a different message with the same MAC) for an attacker that would know the secret key passed to poly1305_auth()? Of course, we'd use a key only once per message.

Thank you and sorry for asking here, don't know where else.